CVE-2014-5337

Exploit

EPSS 52.79%
Veröffentlicht 29.08.2014 13:55:05
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

WordPress Mobile Pack – Mobile Plugin for Progressive Web Apps & Hybrid Mobile Apps < 2.0.2 - Information Disclosure

The WordPress Mobile Pack plugin before 2.0.2 for WordPress does not properly restrict access to password protected posts, which allows remote attackers to obtain sensitive information via an exportarticles action to export/content.php.

Mögliche Gegenmaßnahme

WordPress Mobile Pack – Mobile Plugin for Progressive Web Apps & Hybrid Mobile Apps: Update to version 2.0.2, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 8

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt WordPress Mobile Pack – Mobile Plugin for Progressive Web Apps & Hybrid Mobile Apps

Version [*, 2.0.2)

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wordpress Mobile Pack Project ≫ Wordpress Mobile Pack SwPlatformwordpress Version <= 2.0.1

Wordpress Mobile Pack Project ≫ Wordpress Mobile Pack Version1.2.0 SwPlatformwordpress

Wordpress Mobile Pack Project ≫ Wordpress Mobile Pack Version1.2.0 Updateb SwPlatformwordpress

Wordpress Mobile Pack Project ≫ Wordpress Mobile Pack Version1.2.0 Updateb2 SwPlatformwordpress

Wpmobilepack ≫ Wordpress Mobile Pack Version1.0.8223 SwPlatformwordpress

Wpmobilepack ≫ Wordpress Mobile Pack Version1.1.1 SwPlatformwordpress

Wpmobilepack ≫ Wordpress Mobile Pack Version1.1.2 SwPlatformwordpress

Wpmobilepack ≫ Wordpress Mobile Pack Version1.1.3 SwPlatformwordpress

Wpmobilepack ≫ Wordpress Mobile Pack Version1.1.9 SwPlatformwordpress

Wpmobilepack ≫ Wordpress Mobile Pack Version1.1.91 SwPlatformwordpress

Wpmobilepack ≫ Wordpress Mobile Pack Version1.1.92 SwPlatformwordpress

Wpmobilepack ≫ Wordpress Mobile Pack Version1.2.1 SwPlatformwordpress

Wpmobilepack ≫ Wordpress Mobile Pack Version1.2.3 SwPlatformwordpress

Wpmobilepack ≫ Wordpress Mobile Pack Version1.2.4 SwPlatformwordpress

Wpmobilepack ≫ Wordpress Mobile Pack Version1.2.5 SwPlatformwordpress

Wpmobilepack ≫ Wordpress Mobile Pack Version2.0 SwPlatformwordpress

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	52.79%	0.977

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

http://secunia.com/advisories/60584

http://wordpress.org/plugins/wordpress-mobile-pack/changelog/

Patch

http://www.securityfocus.com/bid/69292

https://security.dxw.com/advisories/information-disclosure-vulnerability-in-wordpress-mobile-pack-allows-anybody-to-read-password-protected-posts/

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/eb6bbbbb-b201-4fd5-8ee1-2369fb27070f

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2014-5337

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-5337

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-5337

EUVD